Overview

overview

10

Static

static

10

05 CITACIO...DO.zip

windows7-x64

1

05 CITACIO...DO.zip

windows10-2004-x64

1

05 CITACIO...A..exe

windows7-x64

10

05 CITACIO...A..exe

windows10-2004-x64

10

05 CITACIO...up.exe

windows7-x64

10

05 CITACIO...up.exe

windows10-2004-x64

10

05 CITACIO...et.eps

windows7-x64

3

05 CITACIO...et.eps

windows10-2004-x64

3

05 CITACIO....accdb

windows7-x64

3

05 CITACIO....accdb

windows10-2004-x64

3

05 CITACIO...c_.dll

windows7-x64

3

05 CITACIO...c_.dll

windows10-2004-x64

3

05 CITACIO...m_.dll

windows7-x64

3

05 CITACIO...m_.dll

windows10-2004-x64

3

05 CITACIO...t_.dll

windows7-x64

3

05 CITACIO...t_.dll

windows10-2004-x64

3

05 CITACIO...20.dll

windows7-x64

3

05 CITACIO...20.dll

windows10-2004-x64

3

05 CITACIO...20.dll

windows7-x64

3

05 CITACIO...20.dll

windows10-2004-x64

3

05 CITACIO...20.dll

windows7-x64

3

05 CITACIO...20.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO.zip

  • Size

    4.8MB

  • Sample

    240725-3gy67ssaqk

  • MD5

    843287222d08fa7d9abcdd75926e8cd7

  • SHA1

    c565498234952bbf46131fca08bb00dc3803722e

  • SHA256

    f894d3df8c6df4117d44d958382a5ba47ab288e2cc5e7fd8c793ceef1a21a220

  • SHA512

    96eec4ce926658128b634f87aa4423a6d6e3b36eb763c283f8b11ee5b2252db92e011034611b083aa737e463026c5933f68ceb6a976137968039fda14c9c6c22

  • SSDEEP

    98304:dVtC29qKgrsZ9QORN29RPjcYq0KvkIIV4UFwx0BJgVcEaFEytVByTHdDYo5zZB:dvC29q4Z9nN29RrcptbIaMvUGEUylYgb

Score
10/10
asyncratneshtadefaultdiscoverypersistenceratspywarestealer

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

gfbvhbh2024.kozow.com:2000

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO.zip

    • Size

      4.8MB

    • MD5

      843287222d08fa7d9abcdd75926e8cd7

    • SHA1

      c565498234952bbf46131fca08bb00dc3803722e

    • SHA256

      f894d3df8c6df4117d44d958382a5ba47ab288e2cc5e7fd8c793ceef1a21a220

    • SHA512

      96eec4ce926658128b634f87aa4423a6d6e3b36eb763c283f8b11ee5b2252db92e011034611b083aa737e463026c5933f68ceb6a976137968039fda14c9c6c22

    • SSDEEP

      98304:dVtC29qKgrsZ9QORN29RPjcYq0KvkIIV4UFwx0BJgVcEaFEytVByTHdDYo5zZB:dvC29q4Z9nN29RrcptbIaMvUGEUylYgb

    Score
    1/10
    behavioral1behavioral2

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/02 CITACION DEMANDA..exe

    • Size

      2.3MB

    • MD5

      5d52ef45b6e5bf144307a84c2af1581b

    • SHA1

      414a899ec327d4a9daa53983544245b209f25142

    • SHA256

      26a24d3b0206c6808615c7049859c2fe62c4dcd87e7858be40ae8112b0482616

    • SHA512

      458f47c1e4ccf41edaacc57abb663ee77ca098fffc596fad941bbdea67653aeabc79b34d607078b9ee5adb45614e26f5c28a09e8faf9532081fdd5dec9ac3c48

    • SSDEEP

      49152:DzO+g39FbI0eQf/Z3CarWedoYAmXviDTMtT2wkqN5K:DzO19Fnf/hdoYAm9ZkqN5K

    Score
    10/10
    asyncratdefaultdiscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/OperaSetup.exe

    • Size

      2.1MB

    • MD5

      6c01a631f7c31ce735c757a33537e95b

    • SHA1

      60bee89ee0f2da909c83d2e71413afdb2c4e3648

    • SHA256

      7f1b8f48b9b9e7a43b4689e2d4fcf0ace7a251e4801d5b0d666414e7604359e0

    • SHA512

      6e1d49190afd096ddf469273e8e59531fe7a951ca262d6b90035f69c6510e6c949fcb781fa6031f47b81016654b832544563c9b124165e3a18b23bb3311101f8

    • SSDEEP

      49152:iNEyYMnDfIZ54N+FVbKDR5s5R+M8nAZWVqNmHhO:4EIxO8s5R+MZhQ0

    Score
    10/10
    neshtadiscoverypersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/aigret.eps

    • Size

      540KB

    • MD5

      03a221734081deb51c57ade9ea64b70a

    • SHA1

      68491d7e65f16d9632e83e2ab5d83fd3409f0e1e

    • SHA256

      2eb15c8761cae256af55096163729f0e4615b7694036b197f3dfa705a5e637cb

    • SHA512

      55a64df7cc1255effd126b012cbb7318160b91c6379b325f4ade207bdab908e750e326a594f2819e2639d20494ee712dd4db7526ee77691cf6696b5632284c9a

    • SSDEEP

      12288:mEiuFvq9F6ppHz3otCxfUs+MTDQpd3s413U1XIGPKrN6fQzo:DHvN/Y0l+aQ30Hyr81

    Score
    3/10
    behavioral7behavioral8

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/barrette.accdb

    • Size

      17KB

    • MD5

      3de728173727b206fe14724ba05a28c2

    • SHA1

      407ca05387c9fc1ac22cd409df1f0899d49a7cde

    • SHA256

      f923b85549cf4d2f87c11f4cdeb5abb408974aea8235aa68acc849736ebdde28

    • SHA512

      33b6e43f6bdaf31b7387ffa683e9581afb4d9b170767e6c6a51180608568db9675fb16643ff462dfd53c6ca76789902553d9bb6e834734fbd8ce4f8726b76206

    • SSDEEP

      384:moEH9+fB4OMKekS2JF9v3nd9wS+MdogIKR9ZEvUGDcMdMzGjVP:DEH9KfMKQWzv3dJPogIKR9iUWc/ajVP

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/madbasic_.bpl

    • Size

      210KB

    • MD5

      e03a0056e75d3a5707ba199bc2ea701f

    • SHA1

      bf40ab316e65eb17a58e70a3f0ca8426f44f5bef

    • SHA256

      7826395127e791a883359ea81308174700da0af8052cc9853b19fd29c2e4badb

    • SHA512

      b0a3cfb6b34832f048fe0fc70c6fa76ae16a2cacda930f6529a83a967d6e8de1c69b93e0de3dc2126c5385d85e814687e695a0a4131399a69633141cad98da2a

    • SSDEEP

      6144:6N/kSQxE6qeM/k4qTl5L5e5+53WCG1CbF/FrfGx:JqeM/k4qR5L5e5+53WulZGx

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/maddisAsm_.bpl

    • Size

      63KB

    • MD5

      ef3b47b2ea3884914c13c778ff29eb5b

    • SHA1

      dc2b1fa7c7547d8f1ad3f20f9060f7bc686118e0

    • SHA256

      475f7cdffd8ed4d6f52bd98ae2bb684f1c923a1be2a692757a9af788a39b1d87

    • SHA512

      9648d951d8d3640436c8029fd0f06786f7ff8f52191cd6959569c87868bb6c40ac8c7e495c09377a8a5c85e8d3942551c37eb84e916b5c16327d8d43a167820e

    • SSDEEP

      1536:eNy3eqMne0sXB0IWtCLwEJhY0w1K7fixStj7wyis:CqMnfIB04LwEJhY0w1K7zzj

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/madexcept_.bpl

    • Size

      436KB

    • MD5

      98e59596edd9b888d906c5409e515803

    • SHA1

      b79d73967a2df21d00740bc77ccebda061b44ab6

    • SHA256

      a6ca13af74a64e4ab5ebb2d12b757cecf1a683cb9cd0ae7906db1b4b2c8a90c0

    • SHA512

      ba617227849d2eb3285395e2d1babfe01902be143144be895011f0389f1860d0d7f08c6bbc4d461384eba270f866cce3351f52af1dc9ef9719c677619de79e42

    • SSDEEP

      6144:1lAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2g:1lG4ut30F8slzYlQcW/jd++2nJ6u2g

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/rtl120.bpl

    • Size

      1.1MB

    • MD5

      1681f93e11a7ed23612a55bcef7f1023

    • SHA1

      9b378bbdb287ebd7596944bce36b6156caa9ff7d

    • SHA256

      7ed5369fcf0283ea18974c43dbff80e6006b155b76da7c72fa9619eb03f54cef

    • SHA512

      726e8f58648a6abaf1f2d5bebcf28c1d8320551a3b6e7eef0cf8d99f9ef941e30e7004c24c98e9b5e931a86128d26de7decba202390665a005e972dcbe87ab93

    • SSDEEP

      24576:3bhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gboN:Q2hTKgboN

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/vcl120.bpl

    • Size

      1.9MB

    • MD5

      1384dcc24a52cf63786848c0ed4a4d1b

    • SHA1

      ea63180c94ea2d0417ad1860128980dd18c922ef

    • SHA256

      d19f51871484cc4a737196bdb048193ad73f7f6bd061ec813766516eba26e406

    • SHA512

      d405911672e3ea7abcbc898d7b807b9bc1dcbf4f83663d70bd8adab075960cf3d904b2710adbdafbcbb99ba4a41b9a40c64b7171e845255a91a042871b1ce8a3

    • SSDEEP

      24576:74gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RP6S9YMPY5yz6I:7vSf0Ww+NpPSyzYY8I8YMPY4+I

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      05 CITACION DEMANDA EN SU CONTRA - JUZGADO PENAL 01 DEL CIRCUITO RAMA JUDICIAL ESPECIALIZADO/vclx120.bpl

    • Size

      222KB

    • MD5

      3cb8f7606940c9b51c45ebaeb84af728

    • SHA1

      7f33a8b5f8f7210bd93b330c5e27a1e70b22f57b

    • SHA256

      2feec33d1e3f3d69c717f4528b8f7f5c030caae6fb37c2100cb0b5341367d053

    • SHA512

      7559cdf6c8dbea052242f3b8129979f7d2d283f84040f1d68ae10438548072715a56a5af88b8562aeea7143194e7c5bddac3fdb01ded411a0b1cac9f0c6eef3f

    • SSDEEP

      3072:K4af8kXL6nX0YXjvkWQ5vYhbNkWPFOEJ8YZbjeTl0Y25zFgYBzRKy6sB65avEtAA:baf8kLWL7Xov8bNxdOmrfgYmHA6h

    Score
    3/10
    discovery
    behavioral21behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

6
T1082

System Location Discovery

9
T1614

System Language Discovery

9
T1614.001

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

neshta
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

asyncratdefaultdiscoveryrat
Score
10/10

behavioral4

asyncratdefaultdiscoveryrat
Score
10/10

behavioral5

neshtadiscoverypersistencespywarestealer
Score
10/10

behavioral6

neshtadiscoverypersistencespywarestealer
Score
10/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10